
Commit f888c62

authored
chore: update userinfo validator (#868)
* chore: update userinfo validator * chore: update actions * chore: update
1 parent c160bed commit f888c62


6 files changed

+90
-9
lines changed


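--- a/.github/workflows/backend-tests-default.yml
+++ b/.github/workflows/backend-tests-default.yml
@@ -0,0 +1,20 @@
+name: Backend Test
+
+on:
+pull_request:
+branches:
+- main
+- "release/v*.*.*"
+paths:
+- "web/**"
+
+jobs:
+go-static-checks:
+runs-on: ubuntu-latest
+steps:
+- run: 'echo "Not required"'
+
+go-tests:
+runs-on: ubuntu-latest
+steps:
+- run: 'echo "Not required"'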
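Review bot: Nothing in this file says it is a placeholder for `backend-tests.yml`, whose `paths-ignore: "web/**"` filter is the inverse of the `paths: "web/**"` used here; a top-of-file comment such as `# Placeholder: reports go-static-checks and go-tests as passed when backend-tests.yml is skipped by its path filter; job names must match that workflow.` would keep the two from drifting apart. The real workflow's job names are outside this section, so the match cannot be confirmed from here. On a pull request that touches both `web/**` and backend files, both workflows run and report under the same check names, so it is worth confirming that branch protection cannot be satisfied by the `echo "Not required"` job while the real one fails. The same applies to `frontend-tests-default.yml`.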

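--- a/.github/workflows/backend-tests.yml
+++ b/.github/workflows/backend-tests.yml
@@ -1,12 +1,10 @@
 name: Backend Test
 
 on:
-push:
+pull_request:
 branches:
 - main
 - "release/v*.*.*"
-pull_request:
-branches: [main]
 paths-ignore:
 - "web/**"
 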
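Review bot: Replacing `push:` with `pull_request:` as the only trigger means the backend tests no longer run on commits that land on `main` or `release/v*.*.*` by merge or direct push, so the branch head itself is never tested. If post-merge coverage is still wanted, keep a `push:` block listing the same two branches next to the new `pull_request:` block. The `frontend-tests.yml` section makes the identical change and has the same gap. The jobs of this workflow lie outside the hunk.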

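--- a/.github/workflows/frontend-tests-default.yml
+++ b/.github/workflows/frontend-tests-default.yml
@@ -0,0 +1,25 @@
+name: Frontend Test
+
+on:
+pull_request:
+branches:
+- main
+- "release/v*.*.*"
+paths-ignore:
+- "web/**"
+
+jobs:
+eslint-checks:
+runs-on: ubuntu-latest
+steps:
+- run: 'echo "Not required"'
+
+jest-tests:
+runs-on: ubuntu-latest
+steps:
+- run: 'echo "Not required"'
+
+frontend-build:
+runs-on: ubuntu-latest
+steps:
+- run: 'echo "Not required"'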

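--- a/.github/workflows/frontend-tests.yml
+++ b/.github/workflows/frontend-tests.yml
@@ -1,12 +1,10 @@
 name: Frontend Test
 
 on:
-push:
+pull_request:
 branches:
 - main
 - "release/v*.*.*"
-pull_request:
-branches: [main]
 paths:
 - "web/**"
 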

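--- a/api/user.go
+++ b/api/user.go
@@ -2,6 +2,8 @@ package api
 
 import (
 "fmt"
+
+"github.com/usememos/memos/common"
 )
 
 // Role is the type of a role.
@@ -61,9 +63,23 @@ func (create UserCreate) Validate() error {
 if len(create.Username) < 4 {
 return fmt.Errorf("username is too short, minimum length is 4")
 }
+if len(create.Username) > 32 {
+return fmt.Errorf("username is too long, maximum length is 32")
+}
 if len(create.Password) < 4 {
 return fmt.Errorf("password is too short, minimum length is 4")
 }
+if len(create.Nickname) > 64 {
+return fmt.Errorf("nickname is too long, maximum length is 64")
+}
+if create.Email != "" {
+if len(create.Email) > 256 {
+return fmt.Errorf("email is too long, maximum length is 256")
+}
+if common.ValidateEmail(create.Email) {
+return fmt.Errorf("invalid email format")
+}
+}
 
 return nil
 }
@@ -85,6 +101,31 @@ type UserPatch struct {
 OpenID *string
 }
 
+func (patch UserPatch) Validate() error {
+if patch.Username != nil && len(*patch.Username) < 4 {
+return fmt.Errorf("username is too short, minimum length is 4")
+}
+if patch.Username != nil && len(*patch.Username) > 32 {
+return fmt.Errorf("username is too long, maximum length is 32")
+}
+if patch.Password != nil && len(*patch.Password) < 4 {
+return fmt.Errorf("password is too short, minimum length is 4")
+}
+if patch.Nickname != nil && len(*patch.Nickname) > 64 {
+return fmt.Errorf("nickname is too long, maximum length is 64")
+}
+if patch.Email != nil {
+if len(*patch.Email) > 256 {
+return fmt.Errorf("email is too long, maximum length is 256")
+}
+if common.ValidateEmail(*patch.Email) {
+return fmt.Errorf("invalid email format")
+}
+}
+
+return nil
+}
+
 type UserFind struct {
 ID *int `json:"id"`
 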
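Review bot: The email check is inverted in both `UserCreate.Validate` and the new `UserPatch.Validate`: `if common.ValidateEmail(...) { return fmt.Errorf("invalid email format") }` returns the error when the helper reports true. The call this commit removes from server/user.go negated the helper (`!common.ValidateEmail(*userPatch.Email)`), which suggests it returns true for a well-formed address, so as written valid addresses would be rejected and malformed ones accepted; the helper's definition is not shown on this page. The conditions should read `if !common.ValidateEmail(create.Email) {` and `if !common.ValidateEmail(*patch.Email) {`. The patch branch also dropped the old `*userPatch.Email != ""` guard, so once the negation is restored an empty email in a patch would be refused; `if patch.Email != nil && *patch.Email != "" {` keeps the earlier behaviour. `UserCreate.Validate` begins above the second hunk.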

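--- a/server/user.go
+++ b/server/user.go
@@ -198,9 +198,8 @@ func (s *Server) registerUserRoutes(g *echo.Group) {
 if err := json.NewDecoder(c.Request().Body).Decode(userPatch); err != nil {
 return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch user request").SetInternal(err)
 }
-
-if userPatch.Email != nil && *userPatch.Email != "" && !common.ValidateEmail(*userPatch.Email) {
-return echo.NewHTTPError(http.StatusBadRequest, "Invalid email format")
+if err := userPatch.Validate(); err != nil {
+return echo.NewHTTPError(http.StatusBadRequest, "Invalid user patch format.").SetInternal(err)
 }
 
 if userPatch.Password != nil && *userPatch.Password != "" {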
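Review bot: `userPatch.Validate()` now runs before the `*userPatch.Password != ""` test two lines below, and `UserPatch.Validate` in api/user.go rejects any non-nil password shorter than 4, so a patch carrying an empty password string gets a 400 where the handler appears to have treated it as "no change". If empty should still mean "leave unchanged", the length checks in `Validate` need the same exemption, e.g. `if patch.Password != nil && *patch.Password != "" && len(*patch.Password) < 4 {`; otherwise the `!= ""` half of the later condition is dead and can be removed. Whether `common` is still referenced elsewhere in this file after the removed call is not visible here, and an unused import would fail the build. The handler closure starts and ends outside the hunk.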
